CLAIMS 



What is claimed is: 

11. An apparatus for managing access to a cryptographically secured access-controlled 

2 datum, comprising: 

3 (a) input logic for receiving a candidate access code; 

4 (b) a first memory configured to store a cryptographically camouflaged access- 

5 controlled datum; 

6 (c) first cryptographic logic operatively connected to said input logic and said fu-st 

7 memory for processing said cryptographically camouflaged access-controlled datum using said 

8 candidate access code; and 

9 (d) output logic for providing said processed datum access-controlled datum to a user 
1 0 of said apparatus, 

1 2. The apparatus of claim 1 wherein: 

2 (a) said access-controlled datum has been at least partially encrypted using an access 

3 code; 

4 (b) a second memory configured to store a cryptographic representation of said access 

5 code; 

6 (c) said first cryptographic logic includes: 

7 (i) second cryptographic logic operatively connected to said input logic and 

8 configured to regenerate said cryptographic representation of said access code in response to said 

9 candidate access code belonging to a plurality of pseudo-valid access codes; and 

1 0 (ii) ^rd cryptographic logic configured to receive said regenerated 

1 1 cryptographic representation from said second cryptographic logic, and operatively connected to 

12 said first memory and to said input logic for using said received candidate access code in 
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1 3 decrypting said stored encrypted access-controlled datum to produce a decrypted access- 

14 controlled datum. 

13. The apparatus of claim 2 wherein said access-controlled datum is a cryptographic key. 

1 4. The apparatus of claim 3 wherein said cryptogr^hic key is a private key, 

1 5. The apparatus of claim 4 further comprising a pseudo-public key coiresponding to said 

2 private key. 

p., ^ ^' The apparatus of claun 5 fixrther comprising a pseudo-public certificate containing said 

^^J 2 pseudo-public key. 

^: 1 7. The apparatus of claim 6 wherein said pseudo-public key is encrypted. 

r. 1 8. The apparatus of claim 7 wherein said pseudo-public key is encrypted with a public key 

: ;^ 2 having a corresponding private key that is not generally known. 

Q I 9. The apparatus of claim 4 wherein said private key is well-formed. 

1 10. The apparatus of claim 9 wherein said private key includes a modulus not having any 

2 small factors, and an exponent smaller than said modulus. 

1 11. The apparatus of claim 9 wherein said private key includes: 

2 (a) a cleartext representation of said modulus; and 

3 (b) a cryptographic representation of at least a part of an exponent corresponding to 

4 said modulus. 

1 12. The apparatus of claim 1 1 : 
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2 (a) further comprising a third memory for storing a number larger than said exponent 

3 and smaller than said modulus; and 

4 (b) wherein said at least part of said exponent is stored in an expanded form which, 

5 when evaluated modulo said number, equals said at least part of said exponent. 

1 13. The apparatus of claim 1 1 wherein said at least part of said exponent represents certain 

2 less significant bits of said exponent. 

1 14. The apparatus of claim 3 wherein said second cryptographic logic for said regeneration of 

2 said cryptographic representation of said access code includes a many-to-one hash. 

1 15. The apparatus of claim 1 4 wherein said many-to-one hash is a good hash. 

1 1 6. The apparatus of claim 2 wherein: 

2 (a) said cryptographic representation includes a hash function; and 

3 (b) said second cryptographic logic for said regeneration of said cryptographic 

4 representation includes a many-to-one hash. 

1 17, The apparatus of claim 16 wherein said many-to-one hash is a good hash. 

1 18. The apparatus of claim 17 wherein said good hash is characterized in that said plurality of 

2 pseudo-valid access codes are distributed substantially uniformly among a plurality of invalid 

3 access codes. 

1 1 9, The apparatus of claim 16 wherein said access-controlled datum is a private key. 

1 20. The apparatus of claim 1 9 further comprising a pseudo-public key corresponding to said 

2 private key. 

1 21 . The apparatus of claim 19 wherein said private key is well-formed. 
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1 22. The apparatus of claim 19 further comprising digital signing logic including: 

2 (a) input logic for receiving a message to be signed; 

3 (b) randomizing logic for generating random data; and 

4 (c) fourth cryptographic logic operatively connected to said input logic and to said 

5 randomizing logic for: 

6 (0 padding said received message with said generated random data; and 

7 (ii) signing said padded message with said decrypted access-controlled datum. 

1 23 . The apparatus of claim 2 wherein said third cryptographic logic is configured to disallow 

2 said decryption when said received candidate access code is an invalid access code. 

1 24. The apparatus of claim 2 implemented as a software program. 

1 25. The apparatus of claim 2 implemented as a hardware device. 

1 26. The apparatus of claim 2 further comprising digital signing logic including: 

2 (a) input logic for receiving a message to be signed; 

3 (b) randomizing logic for generating random data; and 

4 (c) fifth cryptographic logic operatively connected to said input logic and to said 

5 randomizing logic for: 

6 (i) padding said received message with said generated random data; and 

7 (ii) signing said padded message with said decrypted access-controlled datum. 

1 27. The apparatus of claim 26 wherein said generated random data is strongly random. 

1 28. The apparatus of claim 27 wherein said generated random data originates firom a physical 

2 source. 
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1 29. The apparatus of claim 2 wherein said third cryptographic logic for decrypting includes a 

2 symmetric cryptographic function. 

1 30. The apparatus of claim 29 wherein said symmetric cryptographic function is DBS. 

1 3 L The apparatus of claim 1 wherein said stored access-controlled datum is a private key 

2 having a corresponding public key that includes a long exponent. 

1 32. A cryptographic key wallet comprising: 

2 (a) input logic for receiving a user-inputted access code that may belong to a plurality 

3 of pseudo-valid access codes; 

4 (b) cryptographic logic for decrypting a stored access-controlled datum, using said 

5 pseudo-valid access code, upon cryptographically verifying said pseudo-valid access code; and 

6 (c) output logic for providing said decrypted access-controlled datum to said user. 

1 33 . The cryptographic key wallet of claim 32 wherein said access-controlled datum includes 

2 a private key having a corresponding pseudo-public key. 

1 34. The cryptographic key wallet of claim 33 further comprising a pseudo-public certificate 

2 containing said pseudo-public key. 

1 35. A digital certificate server comprising: 

2 (a) input logic for receiving from a requestor a digitally signed request for a pseudo- 

3 public digital certificate, said request including: 

4 (i) a pseudo-public key to be certified, and 

5 (ii) an identifying attribute of said requestor; 

6 (b) cryptographic logic for verifying said digitally signed request using said pseudo- 

7 public key; 
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8 (c) logic for creating said pseudo-public certificate upon said verifying said digitally 

9 signed request, said certificate including a cryptographic representation of said pseudo-public 

10 key; and 

1 1 (d) output logic for providing said pseudo-public certificate for said requestor. 

1 3 6. The digital certificate server of claim 3 5 configured for use with a digital wallet, said 

2 digital wallet comprising: 

3 (a) input logic for receiving a candidate access code; 

4 (b) a first memory configured to store a cryptographically camouflaged access- 

5 controlled datum; 

6 (c) first cryptographic logic operatively connected to said mput logic and said first 

7 memory for processing said cryptographically camouflaged access-controlled datum using said 
I J 8 candidate access code; and 

^ f 9 (d) output logic for providing said processed datum access-controlled datum to a user 

MO of said apparatus. 

J:"; 1 37. The digital certificate server of claim 35 wherein said pseudo-public certificate is of a 

f il 2 modified conventional format. 

1 38. The digital certificate server of claim 35 wherein said pseudo-public key is encrypted. 

1 39. The digital certificate server of claim 38 wherein said pseudo-public key is encrypted 

2 with a public key having a corresponding private key that is not generally known. 

1 40. The digital certificate server of claim 35 implemented as an add-on module for use with a 

2 conventional digital certificate server. 

1 41 . Apparatus for verifying a digitally-signed message, comprising: 

2 (a) input logic for receiving a digitally-signed message and a pseudo-public key 

3 allegedly corresponding to a signer of said message; 
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4 (b) cryptographic logic for using a public key of an enterprise certifying authority to 

5 cryptographicaJly verify the pseudo-public key ; and 

6 (c) signalling logic for detecting fraudulent use of said message upon failure of said 

7 verified pseudo-public key to successfully verify said signed message. 



1 42. The apparatus of claim 41 wherein said digitally-signed message is signed using a 

2 candidate private key that was generated by a cryptographic key wallet in response to a pseudo- 

3 valid access code. 



1 43 . The apparatus of claim 42 wherein said key wallet includes: 

2 (a) input logic for receiving a candidate access code; 

3 (b) a first memory configured to store a cryptographically camouflaged access- 

4 controlled datum; 

5 (c) first cryptographic logic operatively connected to said input logic and said first 

6 memory for processing said cryptographically camouflaged access-controlled datum using said 

7 candidate access code; and 

8 (d) output logic for providing said processed datum access-controlled datum to a user 

9 of said apparatus. 

1 44. The apparatus of claim 41 wherein said logic for detecting said fraudulent use includes 

2 logic for fi-eezing access to said apparatus upon a plurality of unsuccessful attempted 

3 verifications. 



1 45. The apparatus of claim 41 wherein said logic for detecting said fraudulent use includes 

2 logic for effecting an alarm upon unsuccessful attempted verification. 

1 46. The apparatus of claim 41 wherein said cryptographic logic for using a public key of an 

2 enterprise certifying authority to verify the pseudo-public key includes cryptographic logic for 

3 decrypting said pseudo-public key. 
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1 47, The apparatus of claim 41 wherein said received pseudo-public key is contained in a 

2 pseudo-public certificate. 

1 48. A method for providing a stored cryptographically-secured access-controlled datum, 

2 comprising the steps of: 

3 (a) receiving a candidate access code from a user of a digital wallet; 

4 (b) accessing a stored, cryptographically camoflagued access-controlled datum; 

5 (c) cryptographically processing said cryptographically camoflagued access- 

6 controlled datum using said candidate access code; and 

7 (d) providing said processed datum access-controlled datum to said user of said 
... 8 wallet. 

1 49. The method ofclaim 48 wherein said step of cryptographically processing said 

J 2 2 cryptographically camoflaged access-controlled datum using said candidate access code mcludes: 
1^3 (a) accessing ftom a first memory within a digital wallet, an access-controlled datum 

I 4 that has been at least partially encrypted using an access code; 

^^^5 (b) accessing from a second memory within said digital wallet, a cryptographic 

fll 6 representation of said access code; 

f i 7 (c) regenerating said cryptographic representation of said access code in response to 

^ 8 said candidate access code belonging to a plurality of pseudo-valid access codes; and 
9 (d) using said received candidate access code, decrypting said encrypted access- 

1 0 controlled datum to produce a decrypted access-controlled datum. 

1 50. The method of claim 49 wherein said access-controlled datum is a cryptographic key. 

1 5 L The method of claim 50 wherein said cryptographic key is a private key. 

1 52. The method of claim 5 1 wherein said private key is a member of a cryptographic key pair 

2 including a pseudo-public key corresponding to said private key. 
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1 53 . The method of claim 52 wherein said digital wallet includes a pseudo-public certificate 

2 containing said pseudo-public key. 

1 54. The method of claim 53 wherem said pseudo-public key is encrypted* 

1 55. The method of claim 54 wherem said pseudo-public key is encrypted with a public key 

2 having a corresponding private key that is not generally known. 

1 56. The method of claim 52 wherein said private key is well-formed. 

1 57. The method of claim 56 wherein said private key includes a modulus not having any 

;i 2 small factors, and an exponent smaller than said modulus. 

:f 1 58. Themethodof claim 56 wherein said private key includes: 
^ 2 (a) a cleartext representation of said modulus; and 

3 (b) a cryptographic representation of at least a part of an exponent corresponding to 

4 said modulus. 

I 1 59. The method of claim 58 wherein: 

' 2 (a) said private key is stored in said first memory as an expanded form of at least part 

3 of said exponent; and 

4 (b) said step of decrypting said encrypted access-controlled datum includes: 

5 (i) retrieving firom a third memory a number larger than said exponent and 

6 smaller than said modulus; 

7 (ii) retrieving said expanded form of at least part of said exponent from said 

8 first memory; and 

9 (iii) evaluating said expanded form of at least part of said exponent, modulo 
1 0 said number, to recover said at least part of said exponent. 
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1 60. The method of claim 58 wherein said at least part of said exponent represents certain less 

2 significant bits of said exponent. 

1 61. The method of claim 5 1 wherein said step of regenerating said cryptographic 

2 representation of said access code includes performing a many-to-one hash. 

1 62. The method of claim 61 wherein said many-to-one hash is a good hash. 

1 63 . The method of claim 50 wherein: 

2 (a) said cryptographic representation includes a hash function; and 

3 (b) said step of regenerating said cryptographic representation of said access code 

4 includes performing a many-to-one hash. 

1 64. The method of claim 63 wherein said many-to-one hash is a good hash. 

1 65. The method of claim 64 wherem said good hash is characterized in that said plurality of 

2 pseudo-valid access codes are distributed substantially uniformly among a plurality of invalid 

3 access codes. 

1 66. The method of claim 63 wherem said access-controlled datum is a private key. 

1 67. The method of claim 66 wherein said private key is a member of a cryptographic key pair 

2 including a pseudo-public key corresponding to said private key. 

1 68. The method of claim 66 wherein said private key is well-formed. 

1 69. The method of claim 66 further comprising the steps of: 

2 (a) receiving a message to be signed; 

3 (b) generating random data; 

4 (c) padding said received message with said generated random data; and 
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5 (d) signing said padded message with said decrypted access-controlled datum. 

1 70. The method of claim 50 wherein said step of decrypting said access-controlled datum is 

2 disallowed when said received candidate access code is an invalid access code. 

1 7L The method of claim 50 implemented as a software program. 

1 72. The method of claim 50 implemented via a hardware device. 

1 73 . The method of claim 50 further comprising the steps of: 

2 (a) receiving a message to be signed; 

3 (b) generating random data; 

4 (c) padding said received message with said generated random data; and 

5 (d) signing said padded message with said decrypted access-controlled datum. 

1 74. The method of claim 73 wherein said generated random data is strongly random. 

1 75. The method of claim 74 wherein said generated random data originates from a physical 

2 source. 

1 76. The method of claim 50 wherein said step of decrypting said encrypted access-controlled 

2 datum includes performing a symmetric cryptographic operation thereon. 

1 77. The method of claim 76 wherein said symmetric cryptographic operation is DES. 

1 78. The method of claim 50 wherein said stored access-controlled datum is a private key 

2 having a corresponding public key that includes a long exponent. 

1 79. A method for providing a stored cryptographically-secured access-controlled datum, 

2 comprising the steps of: 
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3 (a) receiving, at a digital wallet, a user-inputted access code that may belong to a 

4 plurality of pseudo- valid access codes; 

5 (b) decrypting, at said digital wallet, a stored access-controlled datum, using said 

6 pseudo-valid access code, upon cryptographically verifying said pseudo-valid access code; and 

7 (c) providing said decrypted access-controlled datum to said user of said digital 

8 wallet. 



1 80. The method of claim 79 wherein said access-controlled datum includes a private key 

2 having a corresponding pseudo-public key. 

1 81. The method of claim 80 wherein said digital wallet includes a pseudo-public certificate 

2 containing said pseudo-public key. 

1 82. A method for generating a pseudo-public digital certificate comprising the steps of: 
' 2 (a) receiving from a requestor a digitally signed request for a pseudo-public digital 

3 certificate, said request including: 

X. 4 (i) a pseudo-public key to be certified, and 

1 5 (ii) an identifying attribute of said requestor; 

f 6 (b) cryptographically verifying said digitally signed request using said pseudo-piiblic 

J 7 key; 

8 (c) creating said pseudo-public certificate upon said verifying said digitally signed 

9 request, said certificate including a cryptographic representation of said pseudo-public key; and 
1 0 (d) outputting said pseudo-public certificate for said requestor. 

1 83 . The method of claim 82 fiirther comprising the step of placing said created digital 

2 certificate in a digital wallet, said digital wallet comprising: 

3 (a) input logic for receiving a candidate access code; 

4 (b) a first memory configured to store a cryptographically camouflaged access- 

5 controlled datum; 
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6 (c) first cryptographic logic operatively connected to said input logic and said first 

7 memory for processing said cryptographically camouflaged access-controlled datum using said 

8 candidate access code; and 

9 (d) output logic for providing said processed datum access-controlled datum to a user 

10 of said apparatus, 

1 84. The method of claim 82 wherein said pseudo-public certificate is of a modified 

2 conventional format. 

1 85. The apparatus of claim 84 wherein said pseudo-public key is encrypted. 

; 1 86. The method of claim 85 wherein: 

\ 2 (a) said pseudo-public key is encrypted with a public key having a corresponding 

I 3 private key that is not generally known. 

" 1 87. The method of claim 82 performed via an add-on module for use with a conventional 

L 2 digital certificate server. 

11 88. A method for verifying a digitally-signed message, comprising the steps of: 

1 2 (a) receiving, at a message verification apparatus, a digitally-signed message and a 

3 pseudo-public key allegedly corresponding to a signer of said message; 

4 (b) using a public key of an enterprise certifying authority to cryptographically verify 

5 the pseudo-public key; and 

6 (c) detecting fi-audulent use of said message upon failure of said verified pseudo- 

7 public key to successfully verify said signed message. 

1 89. The method of claim 88 wherein said digitally-signed message is signed using a 

2 candidate private key that was generated by a cryptographic key wallet in response to a pseudo- 

3 valid access code. 
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1 90. The method of claim 89 wherein said key wallet includes: 

2 (a) input logic for receiving a candidate access code; 

3 (b) a first memory configured to store a cryptographicaily camoufl^ed access- 

4 controlled datum; 

5 (c) first cryptographic logic operatively connected to said input logic and said first 

6 memory for processing said cryptographicaily camouflaged access-controlled datum using said 

7 candidate access code; and 

8 (d) output logic for providing said processed datum access-controlled datum to a user 

9 of said apparatus. 

1 91. The method of claim 88 wherein said step of detecting said fraudulent use includes 

2 fireezing access to said message verification apparatus upon a plurality of unsuccessfiil attempted 

3 verifications. 

1 92. The method of claim 88 wherein said step of detecting said firaudulent use mcludes 

2 effecting an alarm upon unsuccessful attempted verification. 

1 93 . The method of claim 88 wherein said step of using a public key of an enterprise certifying 

2 authority to cryptographicaily verify the pseudo-public key includes decrypting said pseudo- 

3 public key. 

1 94. The apparatus of claim 88 wherein said received pseudo-public key is contained in a 

2 pseudo-public certificate, 

1 95 . A method for storing a stored cryptographically-secured access-controlled datum, 

2 comprising the steps of: 

3 (a) receiving an access-controlled datum; 

4 (b) cryptographicaily camoflaguing said access-controlled datum such to be 

5 recognizable by an authorized user thereof but unrecognizable to an unauthorized user thereof; 

6 and 
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7 (c) storing said camoflaged access-controlled datum in a digital wallet 

1 96. The method of claim 95 wherein said step of cryptographically camoflaguing said access- 

2 controlled datum includes: 

3 (a) receiving an access code; 

4 (b) computing a cryptographic representation of said access code, said representation 

5 having the property of being reproducible in response to a plurality of pseudo-valid access codes; 

6 (c) storing said computed cryptographic representation of said access code; 

7 (d) at least partially encrypting said access-controlled datum using said access code; 

8 (e) storing said at least partially encrypted access-controlled datum for subsequent 

9 access by a user providing one of said plurality of said pseudo-valid access codes. 

1 97, The method of claim 96 wherein said access-controlled datum is a cryptographic key. 
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